veracode gov stage access

home-manager/veracode/.okta_aws_login_config

@@ -2,8 +2,8 @@
 okta_org_url = https://govus-staging-veracode.okta.com
 gimme_creds_server = appurl
 aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
-write_aws_creds = False
+write_aws_creds = True
-cred_profile = role
+cred_profile = 403885414333-Corp-Engineer
 okta_username = lcech@veracode.com
 app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
 resolve_aws_alias = False

home-manager/veracode/aws-cli.nix

@@ -560,11 +560,6 @@ in
   ];
 
   programs.zsh.shellAliases = {
-    export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
-      gimme-aws-creds --profile govus-stage
-      echo "export AWS_REGION=us-gov-west-1"
-    ''}'';
-
     veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
       for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
         echo "=== $profile ==="
@@ -607,5 +602,10 @@ in
       aws sso login --profile old-world-aws-devops &
       aws sso login --profile longbow-SharedServices &
     ''}'';
+
+    veracode-login-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
+      gimme-aws-creds --profile govus-stage
+      ${pkgs.gnugrep}/bin/grep "^\[403885414333-Corp-Engineer\]" -A1 ${homedir}/.aws/credentials | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.gnugrep}/bin/grep -q "region" || ${pkgs.gnused}/bin/sed -i '/^\[403885414333-Corp-Engineer\]$/a region = us-gov-west-1' ${homedir}/.aws/credentials
+    ''}'';
   };
 }